Providing Android application inside company - android

In our company I would like to provide my application for some workers, the options are:
via APK - unsafe for phones, complicated updates
via Google Play - app can be installed and decompiled by "3rd party people", we do not have something special to hide there (yet ;)), as our web service is secured by logging in to it first, but we would like to avoid making it fully public
via Google Play as test build - limitation to 100 users
via enterprise mobility management (EMM) solutions - we do not have EMM, we would like to avoid creating work profiles on employee devices (these are their private phones, some people are not technical enough to do it, we don't have experience with EMM to deploy it in our company)
Is there any way to publish an app that fulfills only the following few features:
app is available to users whom I choose, for example by their Gmail account or by a link known only to me
automatic updates when there is new version of app
crash reports (I have Crashlytics so this point may be insignificant)

I've been using a service called App47 for this: https://app47.com/
Basically it allows you to install a private app store on people's phones with all of your internal apps. Check it out.
There are others like it, but that's the one I've been using.


android and apple : Redirect to website for payment when cross platform services

Description of the situation:
Application A: Purchases available with in-app purchase. Android & Apple.
Website: (in project). Offers different services than application A but is linked to the application. (for example a user of the website can see the usage statistics of some users of the application A, send them a message or send them activities to do). Use of Stripe on the site to access the paid features.
Application B : (in project). We want to simplify the access to the website and therefore allow the access to some of the website features on the mobile application. The features can also be purchased with in app purchase from the app. Android & Apple.
Application A will redirect to the website.
The website will redirect to the application B.
Application B will never redirect to the website.
Question N°1:
According to article 3.1.3(b) of the Apple guidelines, since it is a cross-platform service, we have the possibility to offer other payment methods than in-app purchase on other platforms as long as they are available with in-app purchase in the mobile application (which is our case). Is it possible with Android too?
3.1.3(b) Cross-Platform Services: Apps that run on multiple platforms may allow users to access content, subscriptions, or features they have acquired in your app on other platforms or on your website, including consumable items in cross-platform games, provided that these items are also available as in-app purchases in the app.
https://developer.apple.com/app-store/review/guidelines/#in-app-purchase
Question N°2 :
The redirection to another service that contains payment methods is normally forbidden on Apple and Android.
Since the redirection is made from an application to another totally different site, whose services are not accessible from the application A, is it in my right to make this redirection ? (Application A → website).
Thanks
EDIT :
I asked the Google service this question. Here is the answer, which is unfortunately not very helpful:
Unfortunately I'm not able to comment on your planned implementation. If you think your app is in compliance, please submit your app for another review. You may want to review the Developer Program Policies for additional policy guidance.
https://play.google.com/about/developer-content-policy/
Yes you can do that.
Apple asks you to offer in-app purchases if there are features unlockable in the app (which looks like you already have)
Google is the same, but the truth is they are much less strict than Apple on that.
Redirecting to a website from your app isn’t an issue. Even if the website has some paying features.
Redirecting to Application B from the website isn’t an issue either.
Side note: some of your users will be redirected from Application A to the website and then to Application B, which looks to me like you will be losing traffic from Application A towards Application B.

Ways to stop other android applications from identifying my application?

We have developed a payment application with native Android to compete in the local market. Our competitors have made it so that when their applications detect ours, theirs automatically disables itself. The problem is that our users use their applications as well, so we wanted our application to be unidentifiable by the other apps.
Our solutions for this have been distributing our app manually instead of through the Play Store and generating a unique bundle ID for each individual user.
What else can we do to get around this?
Until Android 10, any app can list ALL apps installed on the device. Starting with Android 11 there are some limitations, and by default you can't list all apps, so you are "safe". BUT a 3rd-party app may request the QUERY_ALL_PACKAGES permission and will detect your app as well. Note that the Google Play Store has a special policy for such apps; not every app may be published with it.
Still, your app may be detected when it uses these 3rd-party apps' API/Service (depending on the way of access), and then it will lock itself.
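The Android 11 visibility rules described in the answer above can be checked statically from another app's manifest. This is an added example, not part of the original thread: the function names, verdict labels and sample manifests are constructed, and it assumes a decoded manifest that still carries its `uses-sdk` element (package filtering applies only to apps targeting API level 30 or higher).

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.android.com/apk/res/android"
A = "{" + NS + "}"  # prefix ElementTree gives android:* attributes
QUERY_ALL = "android.permission.QUERY_ALL_PACKAGES"

def visibility_of(manifest_xml, target_package):
    """Classify how the app owning this manifest can see target_package on Android 11+."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target_sdk = sdk.get(A + "targetSdkVersion") if sdk is not None else None
    perms = {p.get(A + "name") for p in root.iter("uses-permission")}
    queries = root.findall("queries")
    named = {p.get(A + "name") for q in queries for p in q.findall("package")}
    broad = sum(len(q.findall("intent")) + len(q.findall("provider")) for q in queries)
    if target_sdk is not None and int(target_sdk) < 30:
        return "all-packages"      # filtering applies only to apps targeting API 30+
    if QUERY_ALL in perms:
        return "all-packages"      # the permission the answer warns about
    if target_package in named:
        return "named-in-queries"  # explicitly declares interest in this package
    if broad:
        return "possible-match"    # intent/provider queries may match; review by hand
    return "filtered"              # no static declaration exposes the package

def _manifest(target_sdk, body=""):
    # Constructed sample manifest, not taken from any real app.
    return (f'<manifest xmlns:android="{NS}" package="com.example.other">'
            f'<uses-sdk android:targetSdkVersion="{target_sdk}"/>{body}</manifest>')

SAMPLES = {
    "legacy": _manifest(29),
    "broad": _manifest(33, f'<uses-permission android:name="{QUERY_ALL}"/>'),
    "named": _manifest(33, '<queries><package android:name="com.example.pay"/></queries>'),
    "intent": _manifest(33, '<queries><intent><action '
                            'android:name="android.intent.action.SEND"/></intent></queries>'),
    "plain": _manifest(33),
}

def audit(samples, target_package):
    """Run visibility_of over a {label: manifest_xml} mapping."""
    return {label: visibility_of(xml, target_package) for label, xml in samples.items()}

if __name__ == "__main__":
    for label, verdict in audit(SAMPLES, "com.example.pay").items():
        print(f"{label:8} {verdict}")
```

A `filtered` verdict covers static declarations only; as the answer notes, an app can still be noticed once it uses the other app's API or service.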

How does designing custom android DPC app relate to Android management API?

I'm new to the Android enterprise development world, and I have some misconceptions about how the different pieces in the Android enterprise ecosystem relate to one another. Let me explain.
The solution that I'm trying to achieve is being able to lock the device into kiosk mode both remotely, and also based on some business logic do it even when the user is offline. I started investigating EMM and particularly the Android Management API to solve the problem. I was able to lock the device remotely into kiosk mode using the API. The steps that I take are the following:
Factory reset the android device
Reach the screen where user needs to enter their credentials
Instead of real credentials I enter afw#setup
Device enters into work profile mode and android device policy is being installed
I create an enrollment token in the management API (the steps for that are described in the quick start guide)
I generate a QR code and scan it using the factory reset device as soon as I'm prompted
The device will be linked to the enterprise, and I'm successfully being able to control it and put the device into kiosk mode by creating special kiosk mode policy and patching the device to comply to that policy using a combination of patch policy (to create a policy) and patch device APIs.
The next step was finding out a way to lock the device into kiosk mode even when user is offline. I assume that it's going to happen by creating an android enterprise custom DPC (device policy controller) application. I assumed that by reading the following documentation, where one of the 3 ways of provisioning "single purpose" devices is creating a custom DPC application. Here's another quote from different url
As an EMM, you develop a DPC app that can be used by your customers in conjunction with your EMM console and server. Your customer deploys the DPC to the user devices that they manage. The DPC acts as the bridge between your EMM console (and server) and the device. An admin uses the EMM console to perform a range of tasks, including configuring device settings and apps.
And here's where all of my confusions arise.
First question that naturally arises - was the author of the previous quote referring to EMM management API when talking about EMM console and server?
Further, there are more questions that I couldn't find an answer to
In the guide for creating a custom DPC there are no mentions about what role EMM API will play in custom DPC, and consequently there's no place I could find that describes how exactly the custom DPC is a bridge between the EMM console (presumably EMM API) and the device?
Then, let's assume I've developed a custom DPC application and uploaded it to the Google Play alpha channel. The documentation states that during the setup process instead of entering afw#setup I should enter afw#DPC_NAME, and I have no idea how to generate that name. Is it the bundle ID of the DPC app? Or perhaps it's being set somewhere in Google settings? For instance, Google has developed the TestDPC application to test enterprise solutions, and I was able to go through the steps I described above and enter afw#testdpc and successfully scanned the QR code in the git readme file and I saw that TestDPC was installed and the device was launched into work profile mode. So, I assume somehow I need to register my own "testdpc" and enter afw#my_dpc instead.
Basically I have different pieces working stand alone and I want to form a broader picture in my mind to understand how to stitch those pieces together.
Thanks for your answers
UPDATE 1:
Today I found a way of turning a custom DPC into device owner without going through NFC or another provisioning process. This is particularly useful for development purposes. Follow this link for instructions. This is both a huge time saver, and also, in my case, we are still waiting for Google's approval, but finally we can start testing some stuff without the need for a custom provisioning process.
There are two distinct ways of managing Android devices:
The new way: the Android Management API. It is the way recommended by Google and it's significantly simpler than the old way, you don't need to call other APIs or to create a custom DPC. If your use case is not addressed by this API you can send feedback to Google so they can add the missing features.
The old way (no longer available for new deployments as of 2019-12-20): using custom DPC. For that you need to:
create a custom DPC,
register your custom DPC with Google by joining the EMM Community (this is how you get the afw#DPC_NAME),
use the Google Play EMM API to install apps.
In the documentation you - the developer using these APIs - are referred to as "the EMM". "EMM server" refers to the server that you own and that calls these APIs, and "EMM console" refers to the UI console that you expose to your IT admins, if any.
https://developer.android.com/work/dpc/build-dpc
Caution: Android Enterprise is no longer accepting new registrations for custom device policy controllers (DPCs).
Hi @Fred,
I found this above information from the mentioned path.
I have some questions regarding the above conversation.
If we use the Android Management API to develop an EMM, we don't need to implement a custom DPC app?
Can we register an account in the EMM Community with a custom DPC app?
Is it possible to use a custom DPC app with the Android Management API?

Enterprise Mobile SSO On Android

I have around three to four enterprise mobile applications targeted for employees of an organization. We would like to implement something like SSO, where you login with any of the applications, the other applications need not login. Also when you logout in any of the application the same has to be reflected in other applications as well.
I tried googling on this, I'm sure on which is the best approach for implementing the same.
Content Provider:
Using content provider, we have to make one of the applications as master which gives us the data needed to other applications. But here raises a query on what will happen if the master application is uninstalled?
Shared Preferences:
I also noted that applications can access other apps' Shared Preferences, by defining a userid for applications. But again here we use the concept of a master, which has the same flaw of the application getting uninstalled, or what if the number of applications grows.
Isn't there a common repository where all the applications from the same developer can share, and the repository will be available till the last application of the developer is uninstalled? Am I missing something here?
I was also looking for SDKs which do SSO for mobile apps, like Layer7. Has anyone worked on any such SDKs? Any suggestions?
Thanks.
Another option would be to go with the Centrify SDK solution for iOS and Android - http://developers.centrify.com, which provides authentication & SSO via its Centrify application on the device, similar to "FB login" style. You install the Centrify application from any of the app stores (Google Play or Apple App Store), and then use Centrify SDKs to integrate your apps for authentication via the Centrify app. With this solution, you can claim Active Directory support in your enterprise application, and the add-on bonus is SSO for all of them.
The Centrify App and Centrify SDKs are FREE.
Disclaimer: I work for Centrify.

MDM VS Mobile Application Analytics

I am new to Mobile Device Management software. How can we use MDM software? Apple has provided the information in the link.
If both are the same, which one is the best?
How is MDM different from Mobile Analytics?
Is event tracking available in MDM?
MDM is meant for organizations that want to be able to manage one or more (usually a lot more) mobile devices for a group of users. That includes installing software, setting up mail and other settings, configuring security policies, etc.
Analytics is something quite different -- usually it refers to a service that a particular application can use to measure the use of that application: how many times was the game played, when did the user click a button, etc.
